From 13a60cc5ea59cc2f18ac19888fe51628f9f0774a Mon Sep 17 00:00:00 2001 From: Dmitry Timoshkov Date: Fri, 16 Dec 2016 13:23:15 +0800 Subject: advapi32/tests: Add a test that compares a well-known SID to a SID created from a SDDL abbreviation. --- dlls/advapi32/tests/security.c | 130 +++++++++++++++++++++++++++++------------ 1 file changed, 92 insertions(+), 38 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 18f4e04..4e1f53b 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -2,7 +2,7 @@ * Unit tests for security functions * * Copyright (c) 2004 Mike McCormack - * Copyright (c) 2011 Dmitry Timoshkov + * Copyright (c) 2011,2013,2014,2016 Dmitry Timoshkov * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -138,14 +138,6 @@ static HMODULE hmod; static int myARGC; static char** myARGV; -struct strsid_entry -{ - const char *str; - DWORD flags; -}; -#define STRSID_OK 0 -#define STRSID_OPT 1 - #define SID_SLOTS 4 static char debugsid_str[SID_SLOTS][256]; static int debugsid_index = 0; @@ -175,12 +167,6 @@ static const char* debugstr_sid(PSID sid) return res; } -struct sidRef -{ - SID_IDENTIFIER_AUTHORITY auth; - const char *refStr; -}; - static void init(void) { HMODULE hntdll; @@ -297,7 +283,11 @@ static void test_group_equal(HANDLE Handle, PSID expected, int line) static void test_sid(void) { - struct sidRef refs[] = { + static struct + { + SID_IDENTIFIER_AUTHORITY auth; + const char *refStr; + } refs[] = { { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" }, { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1" }, { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1" }, @@ -305,24 +295,60 @@ static void test_sid(void) { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1" }, { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1" }, }; - struct strsid_entry strsid_table[] = { - {"AO", STRSID_OK}, {"RU", STRSID_OK}, {"AN", STRSID_OK}, {"AU", STRSID_OK}, - {"BA", STRSID_OK}, {"BG", STRSID_OK}, {"BO", STRSID_OK}, {"BU", STRSID_OK}, - {"CA", STRSID_OPT}, {"CG", STRSID_OK}, {"CO", STRSID_OK}, {"DA", STRSID_OPT}, - {"DC", STRSID_OPT}, {"DD", STRSID_OPT}, {"DG", STRSID_OPT}, {"DU", STRSID_OPT}, - {"EA", STRSID_OPT}, {"ED", STRSID_OK}, {"WD", STRSID_OK}, {"PA", STRSID_OPT}, - {"IU", STRSID_OK}, {"LA", STRSID_OK}, {"LG", STRSID_OK}, {"LS", STRSID_OK}, - {"SY", STRSID_OK}, {"NU", STRSID_OK}, {"NO", STRSID_OK}, {"NS", STRSID_OK}, - {"PO", STRSID_OK}, {"PS", STRSID_OK}, {"PU", STRSID_OK}, {"RS", STRSID_OPT}, - {"RD", STRSID_OK}, {"RE", STRSID_OK}, {"RC", STRSID_OK}, {"SA", STRSID_OPT}, - {"SO", STRSID_OK}, {"SU", STRSID_OK}}; - + static const struct + { + const char *str; + WELL_KNOWN_SID_TYPE sid_type; + BOOL optional; + } strsid_table[] = { + /* Please keep the list sorted. */ + { "AC", WinBuiltinAnyPackageSid, TRUE }, + { "AN", WinAnonymousSid }, + { "AO", WinBuiltinAccountOperatorsSid }, + { "AU", WinAuthenticatedUserSid }, + { "BA", WinBuiltinAdministratorsSid }, + { "BG", WinBuiltinGuestsSid }, + { "BO", WinBuiltinBackupOperatorsSid }, + { "BU", WinBuiltinUsersSid }, + { "CA", WinAccountCertAdminsSid, TRUE}, + { "CG", WinCreatorGroupSid }, + { "CO", WinCreatorOwnerSid }, + { "DA", WinAccountDomainAdminsSid, TRUE}, + { "DC", WinAccountComputersSid, TRUE}, + { "DD", WinAccountControllersSid, TRUE}, + { "DG", WinAccountDomainGuestsSid, TRUE}, + { "DU", WinAccountDomainUsersSid, TRUE}, + { "EA", WinAccountEnterpriseAdminsSid, TRUE}, + { "ED", WinEnterpriseControllersSid }, + { "IU", WinInteractiveSid }, + { "LA", WinAccountAdministratorSid }, + { "LG", WinAccountGuestSid }, + { "LS", WinLocalServiceSid }, + { "NO", WinBuiltinNetworkConfigurationOperatorsSid }, + { "NS", WinNetworkServiceSid }, + { "NU", WinNetworkSid }, + { "PA", WinAccountPolicyAdminsSid, TRUE}, + { "PO", WinBuiltinPrintOperatorsSid }, + { "PS", WinSelfSid }, + { "PU", WinBuiltinPowerUsersSid }, + { "RC", WinRestrictedCodeSid }, + { "RD", WinBuiltinRemoteDesktopUsersSid }, + { "RE", WinBuiltinReplicatorSid }, + { "RS", WinAccountRasAndIasServersSid, TRUE }, + { "RU", WinBuiltinPreWindows2000CompatibleAccessSid }, + { "SA", WinAccountSchemaAdminsSid, TRUE }, + { "SO", WinBuiltinSystemOperatorsSid }, + { "SU", WinServiceSid }, + { "SY", WinLocalSystemSid }, + { "WD", WinWorldSid }, + }; + SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY }; const char noSubAuthStr[] = "S-1-5"; unsigned int i; - PSID psid = NULL; + PSID psid, domain_sid; SID *pisid; BOOL r; - LPSTR str = NULL; + LPSTR str; if( !pConvertSidToStringSidA || !pConvertStringSidToSidA ) { @@ -402,7 +428,7 @@ static void test_sid(void) } /* string constant format not supported before XP */ - r = pConvertStringSidToSidA(strsid_table[0].str, &psid); + r = pConvertStringSidToSidA("AN", &psid); if(!r) { win_skip("String constant format not supported\n"); @@ -410,25 +436,51 @@ static void test_sid(void) } LocalFree(psid); + AllocateAndInitializeSid(&domain_ident, 4, SECURITY_NT_NON_UNIQUE, 0, 0, 0, 0, 0, 0, 0, &domain_sid); + for(i = 0; i < sizeof(strsid_table) / sizeof(strsid_table[0]); i++) { - char *temp; - SetLastError(0xdeadbeef); r = pConvertStringSidToSidA(strsid_table[i].str, &psid); - if (!(strsid_table[i].flags & STRSID_OPT)) + if (!(strsid_table[i].optional)) { ok(r, "%s: got %u\n", strsid_table[i].str, GetLastError()); } if (r) { - if ((winetest_debug > 1) && (pConvertSidToStringSidA(psid, &temp))) + char buf[SECURITY_MAX_SID_SIZE]; + char *sid_string, *well_known_sid_string; + DWORD n, size; + + /* zero out domain id before comparison to simplify things */ + if (strsid_table[i].sid_type == WinAccountAdministratorSid || + strsid_table[i].sid_type == WinAccountGuestSid) { - trace(" %s: %s\n", strsid_table[i].str, temp); - LocalFree(temp); + for (n = 1; n <= 3; n++) + *GetSidSubAuthority(psid, n) = 0; } + + r = pConvertSidToStringSidA(psid, &sid_string); + ok(r, "%s: ConvertSidToStringSid error %u\n", strsid_table[i].str, GetLastError()); + if (winetest_debug > 1) + trace("%s => %s\n", strsid_table[i].str, sid_string); + + size = sizeof(buf); + r = pCreateWellKnownSid(strsid_table[i].sid_type, domain_sid, buf, &size); + ok(r, "%u: CreateWellKnownSid(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError()); + + r = pConvertSidToStringSidA(buf, &well_known_sid_string); + ok(r, "%u: ConvertSidToStringSi(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError()); + if (winetest_debug > 1) + trace("%u => %s\n", strsid_table[i].sid_type, well_known_sid_string); + + ok(strcmp(sid_string, well_known_sid_string) == 0, + "%u: (%u) expected %s, got %s\n", i, strsid_table[i].sid_type, well_known_sid_string, sid_string); + + LocalFree(well_known_sid_string); + LocalFree(sid_string); LocalFree(psid); } else @@ -439,6 +491,8 @@ static void test_sid(void) trace(" %s: couldn't be converted\n", strsid_table[i].str); } } + + LocalFree(domain_sid); } static void test_trustee(void) @@ -2288,7 +2342,7 @@ static void test_LookupAccountSid(void) if (pCreateWellKnownSid && pConvertSidToStringSidA) { trace("Well Known SIDs:\n"); - for (i = 0; i <= 60; i++) + for (i = 0; i <= 84; i++) { size = SECURITY_MAX_SID_SIZE; if (pCreateWellKnownSid(i, NULL, &max_sid.sid, &size)) -- 2.9.0